
Ports 67 & 68 (DHCP)

I have defined a network of 0.0.0.0/255.255.255.255 for local broadcast traffic. I created a rule to allow from the outside these 2 ports, yet continue to get the following drops in my syslog:
kernel: UDP Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:D0:58:7a:7c:54:08:00 SRC=stdhcp01.atl.mediaone.net DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=250 ID=13950 DF PROTO=UDP SPT=67 DPT=68 LEN=556

Any ideas?


  • Ok, how about the other direction? I get log entries for src [specific x.x.x.x/32] UDP 67, bcast UDP 68 from a specific source (DHCP server). I created a rule to DROP all traffic to all destinations from this source, yet still see the logged packets. The default rule (all, all, all) is also drop. What am I doing wrong?
  • Are you referring to Astaro's logs?  If so, do the logs report the packets as being dropped?  They should.

    Eric
  • Hi there guys, 

    to remove broadcast packets from the log you have to add the net

    global broadcast  255.255.255.255 255.255.255.255

    and add a rule 

    Any Any global broadcast Drop

    now these packets should not be logged anymore.

    hope that helps
    kind regards
    gert
  • Gert, that works.

    BTW, I had tried:
    any DHCP(67:68 67:68) any drop

    and that didn't help.

    Shouldn't ANY include 255.255.255.255/255.255.255.255?

    Thanks,
    Barry

    [ 30 October 2001: Message edited by: barrygould ]

  • Gert,
    Thanks for the Broadcast tip. Been wondering how to get rid of those entries.
    Frank
  • Hi Gert,
    I implemented this method to stop the logging of
    broadcast violations with no success:
     
    quote:
    to remove broadcast packets from the log you have to add the net
    global broadcast 255.255.255.255 255.255.255.255
    and add a rule 
    Any Any global broadcast Drop
    now these packets should not be logged anymore.  

    The log entries continue from ports 138, 67, 68.
    Any suggestions? I'm using version 2.016. THX
  • We also try to filter DHCP broadcast.

    We defined a network broadcast32 255.255.255.255/255.255.255.255

    and a rule any any Broadcast32 drop.

    Drop didn't work.

    Can anybody help us? labs@mfh-iserlohn.de
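The thread turns on two things: the kernel "UDP Drop" syslog format shown in the opening post, and Gert's advice to match traffic addressed to the limited broadcast address 255.255.255.255 rather than relying on port numbers or "Any". The following Python script is an added example, not code from the thread or from Astaro/Sophos. It parses log lines in that key=value format and separates the broadcast DHCP/NetBIOS chatter (the entries people here wanted out of their logs) from drops that are actually worth reviewing. The sample log lines are constructed for the example; the port set 67/68/138 comes from the ports mentioned in the thread.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the netfilter-style key=value format quoted in the thread.
# Astaro's syslog resolved the source to a hostname (stdhcp01.atl.mediaone.net); the parser
# keeps SRC as a string, so hostnames and dotted addresses both work.
SAMPLE_LOG = """\
Oct 30 10:01:02 fw kernel: UDP Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:d0:58:7a:7c:54:08:00 SRC=10.0.0.1 DST=255.255.255.255 LEN=576 TOS=0x00 PREC=0x00 TTL=250 ID=13950 DF PROTO=UDP SPT=67 DPT=68 LEN=556
Oct 30 10:01:05 fw kernel: UDP Drop: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:d0:58:7a:7c:54:08:00 SRC=10.0.0.7 DST=255.255.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=4 PROTO=UDP SPT=138 DPT=138 LEN=209
Oct 30 10:01:09 fw kernel: UDP Drop: IN=eth0 OUT= MAC=00:50:56:ab:cd:ef:00:d0:58:7a:7c:54:08:00 SRC=198.51.100.9 DST=203.0.113.5 LEN=78 TOS=0x00 PREC=0x00 TTL=52 ID=31337 PROTO=UDP SPT=53 DPT=33434 LEN=58
Oct 30 10:01:11 fw kernel: TCP Drop: IN=eth0 OUT= MAC=00:50:56:ab:cd:ef:00:d0:58:7a:7c:54:08:00 SRC=198.51.100.9 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=4321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 30 10:02:00 fw sshd[1]: Accepted publickey for admin from 10.0.0.9
"""

# The limited broadcast address Gert's "global broadcast" network object describes.
BROADCAST = "255.255.255.255"
# Ports named in the thread as the source of the noise: DHCP server/client and NetBIOS datagram.
NOISE_PORTS = {67, 68, 138}

LINE_RE = re.compile(r"kernel: (?P<action>\w+ Drop): (?P<rest>.*)$")


def parse_line(line):
    """Parse one firewall drop record into a dict; return None for unrelated syslog lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    entry = {"action": m.group("action"), "flags": []}
    for tok in m.group("rest").split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            if key == "LEN":
                # LEN appears twice: IP total length first, then the UDP/TCP length.
                entry.setdefault("LEN", []).append(int(val))
            elif key in ("SPT", "DPT", "TTL", "ID"):
                entry[key] = int(val)
            else:
                entry[key] = val  # may be empty, e.g. "OUT="
        else:
            entry["flags"].append(tok)  # bare tokens such as DF or SYN
    return entry


def is_broadcast_noise(entry):
    """True for the traffic Gert's 'Any Any global broadcast Drop' rule is aimed at:
    packets to 255.255.255.255 on the DHCP/NetBIOS ports the thread complains about."""
    to_broadcast = entry.get("DST") == BROADCAST
    noisy_port = entry.get("SPT") in NOISE_PORTS or entry.get("DPT") in NOISE_PORTS
    return to_broadcast and noisy_port


def summarize(log_text):
    """Split a log into broadcast noise and other drops, counting noise per (SRC, SPT, DPT)."""
    noise, other = 0, 0
    sources = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if is_broadcast_noise(entry):
            noise += 1
            sources[(entry["SRC"], entry.get("SPT"), entry.get("DPT"))] += 1
        else:
            other += 1
    return {"broadcast_noise": noise, "other_drops": other, "noise_sources": dict(sources)}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"broadcast noise: {report['broadcast_noise']}, other drops: {report['other_drops']}")
    for (src, spt, dpt), n in report["noise_sources"].items():
        print(f"  {src} {spt}->{dpt}: {n}")
```

Running it on the constructed sample reports two broadcast entries (the DHCP offer from port 67 to 68 and the NetBIOS datagram on 138) and two drops that deserve attention. Matching on the destination address first, as Gert's rule does, is what keeps the filter narrow: a port-only match would also swallow unicast traffic on 67/68 that you may still want logged.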